Freedom Mobile, the fourth-largest wireless carrier in Canada with over 2.2 million subscribers, has disclosed a data breach following an attack on its customer account management platform. The company, which provides coverage to 99% of Canadians, was founded in 2008 as Wind Mobile by Globalive and was acquired by Vidéotron, a subsidiary of Québecor, in 2023. This acquisition established the carrier as the country’s fourth major wireless provider, serving more than 3.5 million mobile customers.
Freedom Mobile published a data breach notification today, detailing that the incident was detected on October 23. The company stated that its investigation determined a third party utilized the account of a subcontractor to gain unauthorized access to the personal information of a limited number of its customers. Upon discovery, Freedom quickly implemented corrective security measures, including blocking the suspicious accounts and corresponding IP addresses, to contain the incident.
The personal and contact information that was exposed in the breach included first and last names, home addresses, dates of birth, home and/or cell phone numbers, and Freedom Mobile account numbers. Although the wireless carrier has not found any evidence that the compromised data has been misused since the breach occurred, it has cautioned affected customers to be highly suspicious of any unexpected messages that request their personal details or direct them to an external website to input information.
A spokesperson for Freedom Mobile clarified that the company’s network and operations were not impacted by the incident, confirming that it was not a ransomware attack. They reiterated that the threat actors leveraged a stolen subcontractor account to access the data of a limited number of customers. However, the exact number of customers affected by this data breach was not disclosed by the wireless carrier.
In addition to being wary of suspicious communication, Freedom Mobile recommends that customers avoid clicking links or downloading attachments from emails or texts that appear questionable. They also advised customers to regularly check their accounts for any signs of unusual activity. This is not the first security incident for the company, as Freedom Mobile previously confirmed a separate data breach in May 2019 when an unsecured customer support database belonging to a third-party vendor exposed the data of approximately 15,000 customers.
Reference:
